Namespaces

  • Nette
    • Application
      • Diagnostics
      • Responses
      • Routers
      • UI
    • Caching
      • Storages
    • ComponentModel
    • Config
      • Adapters
      • Extensions
    • Database
      • Diagnostics
      • Drivers
      • Reflection
      • Table
    • DI
      • Diagnostics
    • Diagnostics
    • Forms
      • Controls
      • Rendering
    • Http
    • Iterators
    • Latte
      • Macros
    • Loaders
    • Localization
    • Mail
    • Reflection
    • Security
      • Diagnostics
    • Templating
    • Utils
      • PhpGenerator
  • NetteModule
  • None
  • PHP

Classes

  • Identity
  • Permission
  • SimpleAuthenticator
  • User

Interfaces

  • IAuthenticator
  • IAuthorizator
  • IIdentity
  • IResource
  • IRole
  • IUserStorage

Exceptions

  • AuthenticationException
  • Overview
  • Namespace
  • Class
  • Tree
  • Deprecated
  1: <?php
  2: 
  3: /**
  4:  * This file is part of the Nette Framework (http://nette.org)
  5:  *
  6:  * Copyright (c) 2004 David Grudl (http://davidgrudl.com)
  7:  *
  8:  * For the full copyright and license information, please view
  9:  * the file license.txt that was distributed with this source code.
 10:  */
 11: 
 12: namespace Nette\Security;
 13: 
 14: use Nette;
 15: 
 16: 
 17: /**
 18:  * User authentication and authorization.
 19:  *
 20:  * @author     David Grudl
 21:  *
 22:  * @property-read bool $loggedIn
 23:  * @property-read IIdentity $identity
 24:  * @property-read mixed $id
 25:  * @property   IAuthenticator $authenticator
 26:  * @property-read int $logoutReason
 27:  * @property-read array $roles
 28:  * @property   IAuthorizator $authorizator
 29:  */
 30: class User extends Nette\Object
 31: {
 32:      /** @deprecated */
 33:     const MANUAL = IUserStorage::MANUAL,
 34:         INACTIVITY = IUserStorage::INACTIVITY,
 35:         BROWSER_CLOSED = IUserStorage::BROWSER_CLOSED;
 36: 
 37:     /** @var string  default role for unauthenticated user */
 38:     public $guestRole = 'guest';
 39: 
 40:     /** @var string  default role for authenticated user without own identity */
 41:     public $authenticatedRole = 'authenticated';
 42: 
 43:     /** @var array of function(User $sender); Occurs when the user is successfully logged in */
 44:     public $onLoggedIn;
 45: 
 46:     /** @var array of function(User $sender); Occurs when the user is logged out */
 47:     public $onLoggedOut;
 48: 
 49:     /** @var IUserStorage Session storage for current user */
 50:     private $storage;
 51: 
 52:     /** @var IAuthenticator */
 53:     private $authenticator;
 54: 
 55:     /** @var IAuthorizator */
 56:     private $authorizator;
 57: 
 58:     /** @var Nette\DI\Container */
 59:     private $context;
 60: 
 61: 
 62:     public function __construct(IUserStorage $storage, Nette\DI\Container $context)
 63:     {
 64:         $this->storage = $storage;
 65:         $this->context = $context; // with IAuthenticator, IAuthorizator
 66:     }
 67: 
 68: 
 69:     /**
 70:      * @return IUserStorage
 71:      */
 72:     final public function getStorage()
 73:     {
 74:         return $this->storage;
 75:     }
 76: 
 77: 
 78:     /********************* Authentication ****************d*g**/
 79: 
 80: 
 81:     /**
 82:      * Conducts the authentication process. Parameters are optional.
 83:      * @param  mixed optional parameter (e.g. username or IIdentity)
 84:      * @param  mixed optional parameter (e.g. password)
 85:      * @return void
 86:      * @throws AuthenticationException if authentication was not successful
 87:      */
 88:     public function login($id = NULL, $password = NULL)
 89:     {
 90:         $this->logout(TRUE);
 91:         if (!$id instanceof IIdentity) {
 92:             $id = $this->getAuthenticator()->authenticate(func_get_args());
 93:         }
 94:         $this->storage->setIdentity($id);
 95:         $this->storage->setAuthenticated(TRUE);
 96:         $this->onLoggedIn($this);
 97:     }
 98: 
 99: 
100:     /**
101:      * Logs out the user from the current session.
102:      * @param  bool  clear the identity from persistent storage?
103:      * @return void
104:      */
105:     final public function logout($clearIdentity = FALSE)
106:     {
107:         if ($this->isLoggedIn()) {
108:             $this->onLoggedOut($this);
109:             $this->storage->setAuthenticated(FALSE);
110:         }
111:         if ($clearIdentity) {
112:             $this->storage->setIdentity(NULL);
113:         }
114:     }
115: 
116: 
117:     /**
118:      * Is this user authenticated?
119:      * @return bool
120:      */
121:     final public function isLoggedIn()
122:     {
123:         return $this->storage->isAuthenticated();
124:     }
125: 
126: 
127:     /**
128:      * Returns current user identity, if any.
129:      * @return IIdentity|NULL
130:      */
131:     final public function getIdentity()
132:     {
133:         return $this->storage->getIdentity();
134:     }
135: 
136: 
137:     /**
138:      * Returns current user ID, if any.
139:      * @return mixed
140:      */
141:     public function getId()
142:     {
143:         $identity = $this->getIdentity();
144:         return $identity ? $identity->getId() : NULL;
145:     }
146: 
147: 
148:     /**
149:      * Sets authentication handler.
150:      * @return self
151:      */
152:     public function setAuthenticator(IAuthenticator $handler)
153:     {
154:         $this->authenticator = $handler;
155:         return $this;
156:     }
157: 
158: 
159:     /**
160:      * Returns authentication handler.
161:      * @return IAuthenticator
162:      */
163:     final public function getAuthenticator()
164:     {
165:         return $this->authenticator ?: $this->context->getByType('Nette\Security\IAuthenticator');
166:     }
167: 
168: 
169:     /**
170:      * Enables log out after inactivity.
171:      * @param  string|int|DateTime number of seconds or timestamp
172:      * @param  bool  log out when the browser is closed?
173:      * @param  bool  clear the identity from persistent storage?
174:      * @return self
175:      */
176:     public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE)
177:     {
178:         $flags = ($whenBrowserIsClosed ? IUserStorage::BROWSER_CLOSED : 0) | ($clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0);
179:         $this->storage->setExpiration($time, $flags);
180:         return $this;
181:     }
182: 
183: 
184:     /**
185:      * Why was user logged out?
186:      * @return int
187:      */
188:     final public function getLogoutReason()
189:     {
190:         return $this->storage->getLogoutReason();
191:     }
192: 
193: 
194:     /********************* Authorization ****************d*g**/
195: 
196: 
197:     /**
198:      * Returns a list of effective roles that a user has been granted.
199:      * @return array
200:      */
201:     public function getRoles()
202:     {
203:         if (!$this->isLoggedIn()) {
204:             return array($this->guestRole);
205:         }
206: 
207:         $identity = $this->getIdentity();
208:         return $identity && $identity->getRoles() ? $identity->getRoles() : array($this->authenticatedRole);
209:     }
210: 
211: 
212:     /**
213:      * Is a user in the specified effective role?
214:      * @param  string
215:      * @return bool
216:      */
217:     final public function isInRole($role)
218:     {
219:         return in_array($role, $this->getRoles(), TRUE);
220:     }
221: 
222: 
223:     /**
224:      * Has a user effective access to the Resource?
225:      * If $resource is NULL, then the query applies to all resources.
226:      * @param  string  resource
227:      * @param  string  privilege
228:      * @return bool
229:      */
230:     public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
231:     {
232:         $authorizator = $this->getAuthorizator();
233:         foreach ($this->getRoles() as $role) {
234:             if ($authorizator->isAllowed($role, $resource, $privilege)) {
235:                 return TRUE;
236:             }
237:         }
238: 
239:         return FALSE;
240:     }
241: 
242: 
243:     /**
244:      * Sets authorization handler.
245:      * @return self
246:      */
247:     public function setAuthorizator(IAuthorizator $handler)
248:     {
249:         $this->authorizator = $handler;
250:         return $this;
251:     }
252: 
253: 
254:     /**
255:      * Returns current authorization handler.
256:      * @return IAuthorizator
257:      */
258:     final public function getAuthorizator()
259:     {
260:         return $this->authorizator ?: $this->context->getByType('Nette\Security\IAuthorizator');
261:     }
262: 
263: 
264:     /********************* deprecated ****************d*g**/
265: 
266:     /** @deprecated */
267:     function setNamespace($namespace)
268:     {
269:         trigger_error(__METHOD__ . '() is deprecated; use getStorage()->setNamespace() instead.', E_USER_WARNING);
270:         $this->storage->setNamespace($namespace);
271:         return $this;
272:     }
273: 
274:     /** @deprecated */
275:     function getNamespace()
276:     {
277:         trigger_error(__METHOD__ . '() is deprecated; use getStorage()->getNamespace() instead.', E_USER_WARNING);
278:         return $this->storage->getNamespace();
279:     }
280: 
281:     /** @deprecated */
282:     function setAuthenticationHandler($v)
283:     {
284:         trigger_error(__METHOD__ . '() is deprecated; use setAuthenticator() instead.', E_USER_WARNING);
285:         return $this->setAuthenticator($v);
286:     }
287: 
288:     /** @deprecated */
289:     function setAuthorizationHandler($v)
290:     {
291:         trigger_error(__METHOD__ . '() is deprecated; use setAuthorizator() instead.', E_USER_WARNING);
292:         return $this->setAuthorizator($v);
293:     }
294: 
295: }
296: 
Nette Framework 2.0.11 API API documentation generated by ApiGen 2.8.0